How to Restrict VTY – SSH access to a specific IP

By | December 8, 2018

Controlling Access to a VTY via SSH to a specific IP helps improve security to your Cisco Switches or Routers.

You can control who can access the virtual terminal lines (vtys) to a router or Cisco Switch by applying an access list to inbound vtys.

Switch(config)#access-list 1 remark “Restrict SSH Access”
Switch(config)#access-list 1 permit host log
Switch(config)# line vty 0 4
Switch(config-line)#access-class 1 in
Switch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…

Perform the above steps when you want to control access to a vty coming into the Cisco router or Cisco Switch by using an access list.


I am not responsible for any damage to your Cisco Catalyst Switch. If you point the finger at me for messing up your Cisco Catalyst Switch, I will definitely laugh at you.